Vraag & Antwoord

Beveiliging & privacy

Problemen websearch

Anoniem
M@rc
13 antwoorden
 • Heb eveneens problemen met een werkbalk met daarin websearch.
  Dit is mijn Logfile of HijackThis v1.97.7
  Scan saved at 22:44:44, on 4-7-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Outlook Express\MSIMN.EXE
  C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
  F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
  O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

  Wie kan mij helpen?
 • [code:1:3db8ee3e4a]F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe[/code:1:3db8ee3e4a]

  Entry fixen, indien nodig process killen en file verwijderen.
  Daarna rebooten en AdAware draaien.
 • Hallo Wielen,

  Eerst verplaatsje HijackThis.
  Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt.
  Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
  [b:7387a8a2e0]
  F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

  O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
  [/b:7387a8a2e0]
  Als je dit gedaan hebt start je de computer op in veilige modus.
  Zorg dat alle verborgen bestanden weergegeven worden, en verwijder de volgende bestanden of mappen indien aanwezig:
  C:\Windows\System32\wsaupdater.exe <–dit bestand.

  Nadien scan je met Ad-aware. Instructies over het gebruik vind je hier of in de spyware-faq.

  groeten,
  Marc
 • Probleem nog niet opgelost. Hier nieuw Hijackthis logboek:

  Logfile of HijackThis v1.97.7
  Scan saved at 11:52:10, on 5-7-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 • Probleem nog niet opgelost. Hier nieuw Hijackthis logboek:

  Logfile of HijackThis v1.97.7
  Scan saved at 11:52:10, on 5-7-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 • Bij volledig opstarten is het Hijackthis file hetvolgende:

  Logfile of HijackThis v1.97.7
  Scan saved at 12:19:39, on 5-7-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\WindowsSA\omniscient.exe
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\Program Files\Dell\Media Experience\PCMService.exe
  C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
  C:\WINDOWS\System32\DSentry.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\WINDOWS\System32\CTHELPER.EXE
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\WINDOWS\System32\ctfmon.exe
  C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
  O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
  O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [twpchwz] C:\WINDOWS\twpchwz.exe
  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [lmzqh] C:\WINDOWS\lmzqh.exe
  O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:DUT
  O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
  O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 • Hallo Wielen,

  Volgens mij heb je niet met een geupdate ad-aware gescand. Dit is echt nodig om alle restanten van spyware weg te krijgen.

  Ook heb ik de indruk dat er bepaalde zaken in de ignorelist staan van HijackThis. Klopt dit?

  Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen en uninstall
  - WhenuSearch
  - SaveNow
  - Bargain Buddy
  - ClockSync
  - P2P Networking.exe

  Beeindig via taakbeheer (ctrl+alt+del) de processen:
  omniscient.exe


  Verplaats HijackThis…..Haal het weg uit je Temp-map.
  Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt.
  Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
  [b:c59d39fd90]
  O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
  O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
  O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
  O4 - HKLM\..\Run: [twpchwz] C:\WINDOWS\twpchwz.exe
  O4 - HKLM\..\Run: [lmzqh] C:\WINDOWS\lmzqh.exe
  O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
  O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
  O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
  [/b:c59d39fd90]
  Als je dit gedaan hebt start je de computer op in veilige modus.
  Zorg dat alle verborgen bestanden weergegeven worden, en verwijder de volgende bestanden of mappen indien aanwezig:
  C:\Program Files\WindowsSA <–deze map
  C:\Program Files\WhenUSearch <–deze map
  C:\Program Files\Save <–deze map
  C:\WINDOWS\twpchwz.exe <–dit bestand hernoemen naar twpchwz.old
  C:\Program Files\Bargain Buddy <–deze map
  C:\WINDOWS\alchem.exe <–dit bestand
  C:\WINDOWS\lmzqh.exe <—dit bestand hernoemen naar lmzqh.old
  C:\Program Files\ClockSync <–deze map

  Reboot de computer en scan met een geupdate ad-aware.

  Reboot en post een nieuwe HijackThislog.

  Dit ken ik niet:
  O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe

  Enig idee?

  groeten,
 • Logfile of HijackThis v1.97.7
  Scan saved at 20:17:47, on 5-7-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\Program Files\Dell\Media Experience\PCMService.exe
  C:\WINDOWS\System32\DSentry.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\WINDOWS\System32\CTHELPER.EXE
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\WINDOWS\System32\ctfmon.exe
  C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 6 voor hijackthis.zip\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:DUT
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 • [code:1:c7f8117573]O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  [/code:1:c7f8117573]

  Die moet er nog uit.
 • [quote:a259ede2af="=Rieske="][code:1:a259ede2af]O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe[/code:1:a259ede2af]

  Die moeten er nog uit.[/quote:a259ede2af]

  Toch niet.
  over die O4:
  [quote:a259ede2af]
  Program Name: dla

  Executable Name: tfswctrl.exe

  Required: Yes

  Comments: Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"[/quote:a259ede2af]
 • Xquse me, je hebt gelijk…zal 'm editten. Te snel gelezen.
 • Log ziet er goed uit Wielen.
  Probleem opgelost?

  Kan je dit thuisbrengen?

  O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe

  USB-stick of zo??

  groeten,
 • Ja, programmatje voor USB stick. Verder geen probleem.
  Ontzettend bedankt! Probleem opgelost!

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.